By Jared Hrabak, Consulting Cybersecurity Engineer, cStor
As a kid, I joined the Boy Scouts and after years of hard work and determination, I eventually reached the highest achievement level possible: Eagle Scout. The most pivotal lesson from my Scout training that has carried into every aspect of my life and career has been this: being prepared pays off.
In today’s dynamic cybersecurity environment, “being prepared” is still my nature. It means the difference between a company thriving or failing. In my role, I dive deep into many aspects of security and there are some aspects, such as web filtering, that I believe should absolutely be part of a modern, advanced cyber strategy. Many companies are lagging on this front, either unaware or uninformed of the potential risks around everyday Internet usage by their employees.
Ask yourself this: do you really know where your employees are going online, where they spend their time on the Internet, and why? Are they checking Facebook once or twice a day, or sitting with it open continuously as they toggle between tasks and applications? Are they on one site all day to check news feeds from other sources? Does their role dictate the need for such visits?
You might assume you’re effectively monitoring where employees are traveling online. I assure you, there’s more to the story. Here are some ways you can BE PREPARED, and three ways you can advance your cyber strategy to close the gaps.
BE PREPARED with a Clear Acceptable Use Policy (AUP)
Ensure you have an acceptable use policy of what employees are and are not allowed to do on the Internet, including the balance between productivity and personal usage time. If you already have one, be sure it’s reviewed and updated at least once a year and employees receive policy training. If you don’t yet have one, here’s a useful post on how to create one.
Role-based rules in your policy are equally important. Some employees, such as marketing and HR, may need access to social media and professional networking sites in order to perform everyday job tasks. Other functions and remote workers may need different access and permissions. As you review your employee base and their needs, be sure you take role context into account and that the monitoring tools you use offer this flexibility.
Anomalous spikes in Internet usage behavior should raise a red flag in your systems. Having a clear policy that is current and well articulated to your employee base gives you a guideline to monitor and enforce against. Be sure you have the right tools to monitor and alert your team on such flags.
BE PREPARED with the Level of Risk You’re Willing to Accept
The lack of a policy, or a murky one, simply means risk in the form of data, revenue and productivity losses. It’s critical to have a clear handle on what level of risk you and your management team are willing to accept. This will define the functionality you need from a web filtering tool. If you’re uncertain of where to start, consult an expert to have the discussion. While there are many tools to choose from, identifying what’s right for your company is more of an art than a science, so getting resources engaged that can help facilitate the process is key.
BE PREPARED with the Right Tools and Resources
An effective cybersecurity strategy is empowered by the right tools, helping your internal team and/or outsourced experts get the job done. Here are 3 key techniques to apply when you’re ready to advance your web filtering capabilities.
1. DNS Sanitization → When a user requests a website, a DNS lookup is made to resolve the site’s domain name to its IP address. With DNS Sanitization, you can determine at that point whether the site is part of that user’s approved access and, if not, display a message that access to the site is against policy, including a link directly to your online AUP.
There are several tools emerging that use machine learning to know if a site may be malicious, and some will automate blocking a dangerous DNS request. These kinds of technologies do the heavy lifting, so your security team doesn’t get backlogged.
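The role-based DNS check described above can be sketched as follows. This is an added example, not code from the author or from any product; the category list, role table and AUP URL are constructed placeholders. It matches domains on label boundaries so that a look-alike such as `facebook.com.evil.example` is not treated as `facebook.com`.

```python
from dataclasses import dataclass

AUP_URL = "https://intranet.example/aup"  # placeholder link to the online AUP

# Constructed sample data: domain -> category (a real filter uses a vendor feed).
DOMAIN_CATEGORIES = {
    "facebook.com": "social",
    "linkedin.com": "social",
    "malware-test.example": "malicious",
}

# Categories each role may reach. Allowing "uncategorized" is a risk decision;
# "malicious" is granted to no role, and an unknown role is allowed nothing.
ROLE_ALLOWED = {
    "marketing": {"social", "news", "uncategorized"},
    "engineering": {"news", "uncategorized"},
}

@dataclass
class Decision:
    action: str        # "allow" or "block"
    category: str
    message: str = ""  # text for the block page, empty when allowed

def normalize(qname: str) -> str:
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.strip().rstrip(".").lower()

def categorize(qname: str) -> str:
    """Walk from the full name up through its parent domains, label by label."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in DOMAIN_CATEGORIES:
            return DOMAIN_CATEGORIES[candidate]
    return "uncategorized"

def decide(role: str, qname: str) -> Decision:
    """Return the filtering decision for one DNS query from a user in `role`."""
    category = categorize(qname)
    if category in ROLE_ALLOWED.get(role, set()):
        return Decision("allow", category)
    message = (f"Access to {normalize(qname)} ({category}) is against policy. "
               f"See the Acceptable Use Policy: {AUP_URL}")
    return Decision("block", category, message)

if __name__ == "__main__":
    for role, name in [("marketing", "m.facebook.com"),
                       ("engineering", "WWW.Facebook.COM."),
                       ("marketing", "facebook.com.evil.example")]:
        print(role, name, decide(role, name))
```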
2. NextGEN Firewalls (NGFW) → Most organizations have NextGEN firewalls these days. These devices are multi-functional and do more than just IP blocking. Modern firewalls offer deep packet inspection, so you can actually see what application(s) employees are opening, even if the traffic is encrypted. They also deliver intrusion prevention and give you the ability to use more data intelligence than ever before.
If the firewall’s bandwidth is not a concern, you can use SSL decryption to inspect traffic and see what is happening, essentially becoming the authorized middleman. It’s also important to remember that not everything needs to be decrypted, which will also save you bandwidth. Bigger organizations may find it easier and more cost-effective to offload that processing power to a proxy which can sanitize the data and company IP before it goes out. That makes your digital footprint more anonymous. Proxies and SSL decryption can go a long way in cost/risk savings and simplify your overall security posture without sacrificing critical security elements.
3. Cloud Access Security Broker (CASB) → Last year our CTO, Pete Schmitt, wrote a great blog about CASB, so I won’t elaborate too much other than to offer this: as your business grows and you move away from having on-premises hardware and software, enlisting a CASB can save you a world of time and complexity.
A CASB’s ability to let you know what kind of PII you have in the cloud, where it resides, and if it is publicly exposed will save you more than just time and a headache. Get proactive on this front, and work with a CASB solution to build an extended access control system in your cloud infrastructure that can be monitored, responded to and documented.
The truth is, there really is no ‘one size fits all’ approach to advancing your web filtering capabilities. Enhancing your strategy on this front will reduce your risk and help you be more prepared. While technology is an enabler of your strategy, it’s up to you to determine the right next step in becoming more prepared and proactive than ever before.
You may also be thinking, “I just don’t have the time to research all of the vendors offering these kinds of solutions.” I get it. Engaging an expert team to help you assess your unique requirements and then tailor a course of action fit specifically to you is a great next step.
Security should be an ongoing process, not a one-time project. If you begin with the end in mind, you’re one step closer to being prepared.